Monitoring Compliance

A compliance management program should call for periodic reviews of compliance in all areas of the bank. The persons performing the reviews should be independent of the transactions they are checking and may be internal employees or independent contractors, such as a consulting or auditing firm. The reviews should be guided by a scope approved by the board of directors detailing what will be checked, when and by whom.

Status reports on the review program, along with reports of findings from individual reviews, should be provided to the board on a regular basis, along with reports on the status of corrective action on identified weaknesses. Corrective action plans should be formulated, assigning responsibility to a specific individual or group, with a specific due date for completion and a requirement for status reports showing progress of corrective action.